Brocade Communications Systems Gateway Wartungshandbuch

53-1003126-0215 August 2014Access GatewayAdministrator's GuideSupporting Fabric OS v7.3.0

• Brocade Supplemental Support augments your existing OEM support contract, providing directaccess to Brocade expertise. For more information, contact

enabling switch 95limitations with configdownload command 78merging switch with fabric 95re-joining switch to fabric 95saving 95using configdownload c

IICL ports, limitations 78inband queries 93initiator and target port considerations 35Jjoin fabric 95Llimitationsdevice load balancing 63direct connec

comparison 24mapping 29requirements 89types 24portcfgpersistentenable command 47port groupadd N_Port 58createport groupadd N_Port 60delete N_Port 58di

schemes 93setting 95Access Gateway Administrator's Guide 10353-1003126-02

104 Access Gateway Administrator's Guide53-1003126-02

About This Document● Supported hardware and software... 11● What’s new

Changes made for Fabric OS 7.3.0aThe following content is new or significantly revised from 53-1003126-01 for this release of thisdocument:• Updated K

NPIV N_Port ID Virtualization. This is a Fibre Channel facility allowing multipleN_Port IDs to share a single physical N_Port. This allows multiple Fi

Key terms for Access Gateway14 Access Gateway Administrator's Guide53-1003126-02

Access Gateway Basic Concepts● Brocade Access Gateway overview ...15● Fabr

FIGURE 1 Switch function in Native modeAccess Gateway Basic Concepts16 Access Gateway Administrator's Guide53-1003126-02

FIGURE 2 Switch function in Access Gateway modeFabric OS features in Access Gateway modeIn the table below, "Yes" indicates that the feature

Fabric OS components supported on Access Gateway (Continued)TABLE 1 Feature SupportAdmin Domains NoAudit YesBeaconing YesBottleneck Detection YesBuf

Fabric OS components supported on Access Gateway (Continued)TABLE 1 Feature SupportFICON (includes CUP) NoForward Error Correction (FEC) YesRefer to

© 2014, Brocade Communications Systems, Inc. All Rights Reserved.Brocade, the B-wing symbol, Brocade Assurance, ADX, AnyIO, DCX, Fabric OS, FastIron,

Fabric OS components supported on Access Gateway (Continued)TABLE 1 Feature SupportSyslog Daemon YesTrack Changes YesTrunking Yes**User-Defined Role

• A Fabric OS downgrade requires FEC to be disabled.• Specific switch platforms support this feature either in R_RDY or VC_RDY mode.Virtual Fabrics su

To perform authentication with switch policy, the on and off policy modes are supported on the AGswitch. To perform authentication with device policy,

For more information, refer to the Fabric OS Command Reference .Limitations and considerations• Authentication policy is not supported on cascaded AG

• VF mode distribution is not applicable to an AG.• The distribute command is not supported in AG mode. Hence, an AG cannot distribute itspassword dat

FIGURE 3 Port usage comparisonYou can convert a Fibre Channel port into a D_Port on AG switch and a connected fabric switch,another AG switch (cascade

FIGURE 4 Diagnostic port configurationsThe table below shows a comparison of port configurations between AG and a standard fabric switch.Port configur

Configuring Ports in Access Gateway Mode● Enabling and disabling Access Gateway mode... 27●

9. Enter the switchShow command to display the status and port state of all ports. Refer to the FabricOS Command Reference for examples of output. For

Access Gateway mappingWhen operating in AG mode, you must specify pre-provisioned routes that AG will use to direct trafficfrom the devices (hosts or

ContentsPreface...7D

FIGURE 5 Port mapping exampleThe following table describes the port mapping details for the above example.Description of port mapping TABLE 6 Access

NOTEPrior to Fabric OS 7.3.0, all POD licenses must be present to use the Brocade 300, 5100, 6505, and6510 as an Access Gateway. However, Fabric OS 7.

Access Gateway default port mapping (Continued)TABLE 7 Brocade Model Total Ports F_Ports N_Ports Default port mappingM5424 24 1–16 0, 17–23 1, 2 map

Access Gateway default port mapping (Continued)TABLE 7 Brocade Model Total Ports F_Ports N_Ports Default port mapping5460 26 6–25 0–5 6, 16 mapped t

Access Gateway default port mapping (Continued)TABLE 7 Brocade Model Total Ports F_Ports N_Ports Default port mappingM6505 24 1–16 0, 17–23 1, 2 map

Access Gateway default port mapping (Continued)TABLE 7 Brocade Model Total Ports F_Ports N_Ports Default port mapping6548 28 1–16 0, 17–27 1, 13 map

The F_Port list can contain multiple F_Port numbers separated by semicolons. In the followingexample, F_Ports 6 and 7 are mapped to N_Port 13.switch:a

Considerations for using F_Port Static Mapping with other AG features and policiesConsider the following when using F_Port Static Mapping with Access

• Logins from a device mapped to a specific N_Port or N_Port group (device mapping) always havepriority over unmapped devices that log in to an F_Port

FIGURE 6 Example of device mapping to N_Port groupsThe figure below shows an example of device mapping to specific N_Ports. Note that you can map oneo

Access Gateway policies overview... 51Displaying current policies ...

FIGURE 7 Example device mapping to an N_PortStatic versus dynamic mappingDevice mapping can be classified as either "static" or "dynami

• Device mapping to an N_Port and to an N_Port group are considered static. Static mappings persistsacross reboots and can be saved and restored with

The following example removes all devices mapped to port group 3.ag --delwwnpgmapping 3 --all6. Enter the ag --wwnmapshow command to display the list

The following example disables device mapping for two WWNs.switch:admin> ag --wwnmappingdisable "10:00:00:06:2b:0f:71:0c; 10:00:00:05:1e:5e:2c

error. This also applies to using Fabric OS commands for device mapping. You could also mapseveral devices to a new port group and then create the gro

Mapping priorityTo avoid potential problems when both port and device mapping are implemented, AG uses thefollowing priority system when verifying pol

N_Port configurationsBy default, on embedded switches, only the internal ports of Access Gateway are configured asF_Ports. All external ports are conf

Displaying N_Port configurationsUse the following steps to determine which ports on a switch are locked as N_Ports.1. Connect to the switch and log in

D_Port supportThe Diagnostic (D_Port) feature is supported on 16-Gbps ports in the following configurations:• An AG switch connected to an AG switch i

• D__Port must be configured on the AG, fabric switch, cascaded AG switch, or HBA before enablingD_Ports on both sides of the link. Otherwise, the por

Disabling F_Port trunking...78Monitoring trunking ...

Saving port mappings50 Access Gateway Administrator's Guide53-1003126-02

Managing Policies and Features in Access Gateway Mode● Access Gateway policies overview...

Policy enforcement matrix (Continued)TABLE 8 Policies Auto PortConfigurationN_Port Grouping N_Port Trunking Advanced DeviceSecurityN_Port Grouping M

1. Connect to the switch and log in using an account assigned to the admin role.2. Enter the ag --policyenable ads command to enable the ADS policy.sw

Setting the list of devices not allowed to log in1. Connect to the switch and log in using an account assigned to the admin role.2. Enter the ag --ads

Displaying the list of allowed devices on the switch1. Connect to the switch and log in using an account assigned to the admin role.2. Enter the ag --

3. Enter the configUpload command to save the switch’s current configuration.4. Enter the ag --policydisable pg command to disable the Port Grouping (

How port groups workCreate port groups using the ag --pgcreate command. This command groups N_Ports together as "portgroups." By default, an

FIGURE 10 Port group 1 (PG1) setupAdding an N_Port to a port group1. Connect to the switch and log in using an account assigned to the admin role.2. E

Renaming a port group1. Connect to the switch and log in using an account assigned to the admin role.2. Enter the ag --pgrename command with the appro

6 Access Gateway Administrator's Guide53-1003126-02

other than 120 seconds using the steps under Setting the current MFNM mode timeout value on page61.Creating a port group and enabling Automatic Login

• Be aware that modifying Automatic Login Balancing mode default settings using theagautomapbalance command may yield uneven distribution of F_Ports t

• APC policy and PG policy are mutually exclusive. You cannot enable these policies at the sametime.• If an N_Port is added to a port group or deleted

3. The Port Grouping policy must be enabled to enable Device Load Balancing. Enter the ag --policyshow command to determine if the Port Grouping polic

• In "Flexible" mode, the AG logs an event that it did not receive the same (requested) ALPA from thecore fabric and brings up the device wi

In the example, PWWN is the port that you want to remove from the database.Displaying device dataYou can view the ALPA of the host related to any port

N_Port goes offline. This occurs regardless of whether the Failover policy is enabled or disabled forthe primary N_Port.Failover with port mappingThe

FIGURE 11 Failover behaviorManaging Policies and Features in Access Gateway ModeAccess Gateway Administrator's Guide 6753-1003126-02

Managing Policies and Features in Access Gateway Mode68 Access Gateway Administrator's Guide53-1003126-02

Adding a preferred secondary N_Port (optional)F_Ports automatically fail over to any available N_Port. Alternatively, you can specify a preferredsecon

Preface● Document conventions...7● Brocade resource

Adding a preferred secondary N_Port for device mapping (optional)Use the following steps to configure a secondary N_Port where devices will connect if

3. Enter the ag --failoverenable N_Port command to enable failover.switch:admin> ag --failoverenable 13Failover policy is enabled for port 134. Ent

Failback policy configurations in Access GatewayThe following sequence describes how a failback event occurs:• When an N_Port comes back online, with

FIGURE 12 Failback behaviorEnabling and disabling the Failback policy on an N_PortUse the following steps to enable or disable the Failback policy on

• Enter the ag --failbackenable n_portnumber command to enable failback.switch:admin> ag --failbackenable 13Failback policy is enabled for port 13•

Trunking in Access Gateway modeThe hardware-based Port Trunking feature enhances management, performance, and reliability ofAccess Gateway N_Ports whe

Trunk group creationPort trunking is enabled between two separate Fabric OS switches that support trunking and where allthe ports on each switch resid

You can remove specified ports from a TA using the porttrunkarea --disable command, however, thiscommand does not unassign a TA if its previously assi

command forms a trunk group for ports 36-39 with index 37. These will be connected to N_Ports onan AG module.switch:admin> porttrunkarea --enable 3

Access Gateway trunking considerations for the Edge switch (Continued)TABLE 10 Category DescriptionManagement Server Registered Node ID (RNID), Link

Convention Descriptionvalue In Fibre Channel products, a fixed value provided as input to a commandoption is printed in plain text, for example, --sho

Access Gateway trunking considerations for the Edge switch (Continued)TABLE 10 Category DescriptionFC8-48 blades F_Port trunking does not support sh

Access Gateway trunking considerations for the Edge switch (Continued)TABLE 10 Category DescriptionD,I Zoning (D,I) AD(D, I) DCC and (PWWN,I) DCCCre

Adaptive Networking on Access GatewayAdaptive Networking (AN) services ensure bandwidth for critical servers, virtual servers, orapplications in addit

FIGURE 13 Starting point for QoSUpgrade and downgrade considerations for Adaptive Networking in AGmodeUpgrading to Fabric OS v7.1.0 from Fabric OS v6.

• QoS takes precedence over ingress rate limiting• Ingress rate limiting is not enforced on trunked ports.Per-Port NPIV login limitThe Per-Port NPIV l

device logged in. The first login takes precedence over the second login request in case of aduplicate entry exit on the F_Port without any NPIV devic

Legacy performance monitoring featuresInstead of Flow Monitor, you can use the legacy end-to-end and frame monitoring features availablethrough Advanc

frame type, for a particular purpose. The frame type can be a standard type (for example, an SCSI readcommand filter that counts the number of SCSI re

Considerations for the Brocade 6505 and 6510The Brocade 6505 and 6510 can function in either Fabric OS Native mode or Brocade AccessGateway mode. Thes

SAN Configuration with Access Gateway● Connectivity of multiple devices overview...

Brocade resourcesVisit the Brocade website to locate related documentation for your product and additional Brocaderesources.You can download additiona

FIGURE 14 Direct target attachment to switch operating in AG modeAlthough target devices can be connected directly to AG ports, it is recommended that

Target aggregationAccess Gateway mode is normally used as host aggregation. In other words, a switch in AG modeaggregates traffic from a number of hos

Access Gateway cascadingAccess Gateway cascading is an advanced configuration supported in Access Gateway mode. AccessGateway cascading allows you to

• Due to high subscription ratios that could occur when cascading AGs, ensure there is enoughbandwidth for all servers when creating such configuratio

If the switch is in Native mode, you can enable AG mode; otherwise, set the switch to Native mode,and then reboot the switch.Enabling NPIV on M-EOS sw

Rejoining Fabric OS switches to a fabricWhen a switch reboots after AG mode is disabled, the Default zone is set to no access. Therefore, theswitch do

Reverting to a previous configuration96 Access Gateway Administrator's Guide53-1003126-02

TroubleshootingThe following table provides troubleshooting information for Fabric OS switches in AG mode.Troubleshooting TABLE 12 Problem Cause Sol

Troubleshooting (Continued)TABLE 12 Problem Cause SolutionFailover is notworkingFailover disabled onN_Port.Verify that the failover and failback pol

IndexAAccess Gatewaycascading 92comparison to standard switches 24compatible fabrics 15connecting devices 89connecting two AGs 92description 15display